67 matches found
UBUNTU-CVE-2022-39376
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...
GLPI 输入验证错误漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
WordPress Get Custom Field Values plugin access control error vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values...
CVE-2021-24871
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24872
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata...
CVE-2021-24872
The CVE-2021-24872 entry concerns the WordPress Get Custom Field Values plugin, prior to version 4.0, where users with a low-privilege role (as low as Contributor) can access other posts’ metadata without permission checks. The root cause is an access-control flaw that allows metadata exposure ac...
WordPress 插件安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values Plugin...
WordPress Get Custom Field Values plugin <= 3.9.4 - Arbitrary Post Metadata Access vulnerability
Arbitrary Post Metadata Access vulnerability discovered by Francesco Carlucci in WordPress Get Custom Field Values plugin versions = 3.9.4. Solution Update the WordPress Get Custom Field Values plugin to the latest available version at least 4.0...
Combodo iTop 安全漏洞
Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. Combodo iTop version 2.7.4 prior to a security vulnerabilit...
CVE-2021-32624
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...
CVE-2021-32624 Private Field data leak
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...
Multiple vulnerabilities in extension "femanager" (femanager)
It is possible to bypass configured server side validation rules which allows an attacker to create frontend user records with invalid data. Also, the eID script allows an attacker to set various validators using GET parameters resulting in information disclosure of field values from the feusers...
UBUNTU-CVE-2017-14528
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service use-after-free after an invalid call to TIFFSetField,...
Information Disclosure
Plone is vulnerable to information disclosure. z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...
CVE-2013-1973
The autocomplete callback in Autocomplete Widgets for Text and Number Fields autocompletewidgets module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors...
Improve filter behaviour: auto-complete should not give away field values
h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, when using the IN operator in JQL, auto-complete will "give away" values for the majority of fields. Given that for each individual project there are schemes restricting o...
Improve filter behaviour: auto-complete should not give away field values
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-36881. panel h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, wh...
Bugzilla < 4.0.11 / 4.2.7 / 4.4.1 Multiple Vulnerabilities
According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to a flaw in token validation in 'processbug.cgi'. Note that this only affects versions 4.4rc1 to 4.4. CVE-2013-1733 - A...
http-stored-xss NSE Script
Unfiltered '' greater than sign. An indication of potential XSS vulnerability. See also: http-dombased-xss.nse http-phpself-xss.nse http-xssed.nse http-unsafe-output-escaping.nse Script Arguments http-stored-xss.formpaths The pages that contain the forms to exploit. For example, /upload.php,...